Export limit exceeded: 363327 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (1475 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-11501 1 Nixos Project 1 Nixos 2025-04-20 N/A
NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf.
CVE-2017-8060 1 Watchguard 1 Panda Mobile Security 2025-04-20 5.9 Medium
Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
CVE-2017-8213 1 Huawei 2 Smc2.0, Smc2.0 Firmware 2025-04-20 N/A
Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module.
CVE-2017-5907 1 Great Southern Bank 1 Great Southern Mobile Banking 2025-04-20 N/A
The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-2845 2 Cyberduck, Microsoft 2 Cyberduck, Windows 2025-04-20 5.9 Medium
Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority.
CVE-2017-8301 1 Openbsd 1 Libressl 2025-04-20 N/A
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.
CVE-2017-7406 1 Dlink 1 Dir-615 2025-04-20 9.8 Critical
The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic.
CVE-2015-7778 1 Gurunavi 1 Gournavi 2025-04-20 N/A
Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks.
CVE-2016-2402 1 Squareup 2 Okhttp, Okhttp3 2025-04-20 5.9 Medium
OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.
CVE-2016-1132 1 Docomo 1 Shoplat 2025-04-20 N/A
Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates.
CVE-2016-3083 1 Apache 1 Hive 2025-04-20 N/A
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through.
CVE-2015-5666 1 Ana 1 All Nippon Airways 2025-04-20 N/A
ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates.
CVE-2015-6358 1 Cisco 48 Pvc2300, Pvc2300 Firmware, Rtp300 and 45 more 2025-04-20 N/A
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
CVE-2017-1000209 1 Nv-websocket-client Project 1 Nv-websocket-client 2025-04-20 N/A
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate.
CVE-2017-1000256 2 Debian, Redhat 2 Debian Linux, Libvirt 2025-04-20 8.1 High
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
CVE-2016-4467 1 Apache 1 Qpid Proton 2025-04-20 N/A
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
CVE-2016-4818 1 Dmm 3 Dmmfx Demo Trade, Dmmfx Trade, Gaitamejapan Fx Trade 2025-04-20 N/A
DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates.
CVE-2016-4832 1 Aeon 1 Waon 2025-04-20 N/A
WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates.
CVE-2016-4840 1 Toshiba 1 Coordinate Plus 2025-04-20 5.9 Medium
Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates.
CVE-2017-2278 3 Apple, Google, Iid 3 Iphone Os, Android, Rbb Speed Test 2025-04-20 N/A
The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.